Re: [PATCH net] esp: select CRYPTO_SEQIV

On Fri, Jun 05, 2020 at 10:29:56AM +1000, Herbert Xu wrote:
> On Fri, Jun 05, 2020 at 10:28:58AM +1000, Herbert Xu wrote:
> >
> > Hmm, the selection list doesn't include CTR so just adding SEQIV
> > per se makes no sense.  I'm not certain that we really want to
> > include every algorithm under the sun.  Steffen, what do you think?
> 
> Or how about
> 
> 	select CRYPTO_SEQIV if CRYPTO_CTR
> 
> That would make more sense.
> 
> Cheers,

There's also a case where "seqiv" is used without counter mode:

net/xfrm/xfrm_algo.c:

{
        .name = "rfc7539esp(chacha20,poly1305)",

        .uinfo = {
                .aead = {
                        .geniv = "seqiv",
                        .icv_truncbits = 128,
                }
        },

        .pfkey_supported = 0,
},


FWIW, we make CONFIG_FS_ENCRYPTION select only the algorithms that we consider
the "default", and any "non-default" algorithms need to be explicitly enabled.

Is something similar going on here with INET_ESP and INET_ESP6?  Should "seqiv"
be considered a "default" for IPsec?

- Eric


